CS, MASK-password must support same MASKED string without SALT and ITERATION as old vaults system. -------------------------------------------------------------------------------------------------- Key: WFCORE-2541 URL: https://issues.jboss.org/browse/WFCORE-2541 Project: WildFly Core Issue Type: Bug Components: Security Reporter: Hynek Švábek MASK-password must support same MASKED string without SALT and ITERATION as old vaults system. MASKED password in Elytron has this format {code} MASK-KAwLfD1BN8WFhZptWsa17G==;12345678;230 {code} But old vault system has SALT and ITERATION as global parameters for all MASK-strings same. And you have this format of MASKED password {code} MASK-KAwLfD1BN8WFhZptWsa17G== {code} It would be better add there original approach too because of migration... Please add there this default option: * set SALT and ITERATION default values for using of credential stores. If will be defined MASK-string without SALT and ITERATION then will be used these values. * if you use MASK-string;SALT;ITERATION form, then will be used SALT and ITERATION from this.